Slashdot Mirror


UUnet's Case Study, or The Trouble With Spam

Eggplant62 writes: "In the wake of recent reports of spam-friendliness at big ISPs like AT&T and PSInet, [this article] takes a pretty good look at the problems UU.net is having with enforcing their AUP when it comes to unsolicited email. According to the article, it can take 'two to four weeks to shut off a spammer's digital tap.' The author of this article solicited news.admin.net-abuse.email for material for the article." Guess it isn't easy even for the big carriers to end the pink-meat congestion.

8 of 189 comments

  1. Port 25 filtering is evil! by sanemind · · Score: 4

    I have a 24/7 broadband connection with better than 99.9% uptime at home, and I quite enjoy the minor hobby of being able to run my own tinsy little server on it. I have apache and sendmail, ssh login, etc. The notion of a default policy of filtering ports to the end consumer of bandwidth troubles me enormously.

    Indeed, this seems to contradict the notion of free and unrestricted end-to-end service, as discussed recently on Slashdot. Not to sound horrible here, but we all manage to live with spam pretty well, it's not like it's all that much of a hassle. I just keep a variety of email addresses to give out for different purposes. A few get a good deal of spam, and it's easy to run a script to delete first time messages from users I have never corresponded with from those accounts.

    I just worry that, if we were to try to really achieve a spam-free utopia, that it might well be at far too great a cost in freedom. I would rather deal with the occasional spam, than have the commercial bandwidth providers filter my connection. And there is always the worry of false/vindictive reports leading to unfair account termination.


    ---
    man sig

    ---
    the pen is mightier than the sword. the sword is mightier than the court. the court is mightier than the pen.
  2. The truth about shutting down accounts... by m4dm4x · · Score: 4

    I have worked in the security department of a major ISP for quite some time. The response time is not the issue. We could shut down a spammer within 15 minutes of receiving the first complaint. The problem is with fake accounts. A spammer will use stolen credit cards and do online signups with these, set up a mailserver on their computer and spam away the first time they log on and continue until we get the NMC to kill their connection. By the time we have tracked down their account and have all the paperwork done, (which is just a few minutes) they already have another account waiting, and use a different VPOP, so as not to be totally obvious. The residual damage is having our domain banned, and then trying to contact the other ISPs to clear that ban. This can sometimes take days. A severe pain in the ass. If they use our mail servers, we can put a maximum sender limit, and that stops them a bit. They then usually migrate to another national ISP with higher limits. Sometimes they use open relays in other countries... but the source IP is from our domain, so we have to shut down the account, then contact the foreign admin of the open relay... and again that can take days, plus several interpreters......etc....etc.

    So response time is not always the main issue.

    ..remember kids hormel is the devil

    /V\4|} /V\4>....

  3. semi-off-topic: slashdot needs to change spam icon by myc · · Score: 4
    From the official SPAM site of Hormel Foods, Inc:

    We do not object to use of [SPAM] to describe [unsolicited commercial e-mail], although we do object to the use of our product image in association with that term. Also, if the term is to be used, it should be used in all lower-case letters to distinguish it from our trademark SPAM, which should be used with all uppercase letters.

    (emphasis mine)

    it seems that Slashdot ought to have a new spam icon. See http://www.spam.com for more info.



    ---
    Santa Claus: "Ho ho ho!"

    --
    NO CARRIER
  4. Why spam is such a pain to stop. by RISCy+Business · · Score: 5

    Well, I figure since I've had to deal with it almost 100% of my career, I may as well toss out my $0.02USD.

    Spam isn't as easy to stop as most of the 'tech savvy' /. readers claim, say, swear, or demand it is. First off, you have several types of spammers.

    First off is your atypical newbie moron spammer, who gladly gives you all his correct information, gets online, and fires away, gets disconnected immediately, gets blacklisted.

    Next you have the more technical spammer, who has an array of fake credit card numbers, false names, false addresses, and so on. He'll set up six or seven accounts on one ISP, usually something like AOL or UUnet, and bounce around with these accounts, spamming. On and off before they can catch him in the middle of it.

    Third, you have the guy with a pile of lawyers working for him, that's going to negotiate and hardball his way into a contract with an ISP that lets him spam.

    The only remaining spam-friendly ISP was AGIS. Why 'was'? That policy was changed due to something like 60%+ of their customers cancelling after the announcement. Remember Spamford Wallace? He was the guy they hooked up first, and he was the guy that lost them a lot of business. Companies blocked AGIS - my employer at the time filtered all of AGIS' netblocks immediately, to prevent incoming spam. Some providers, i.e., PSInet, have negotiated contracts with 'big name' (aka LOTS of spam) firms that allow them to spam to their heart's content.

    Now, you've got a spammer. We'll say your typical type 2. And you want to shut him down. Not that easy. Because you do NOT have a common factor, including where they're dialing in from, they can CONTINUE to abuse your service, and there's not much at ALL you can do about it till they slip up somehow, which most sales droids are NOT going to be aware of. They'll just keep bouncing around and evading. And if the ISP gets blackholed or filtered all over, they'll just jump ISPs entirely. These are the pricks that cause the most damage to ISPs. They usually also use the ISP's SMTP server - best thing you can do is to disconnect them the second you see it, and pray they don't have more accounts. I've had to deal with a couple of these in the past, and we had one guy sign up for *SIXTY* accounts in *ONE DAY*, all with different information. When we FINALLY figured out who it was, we were ONLY able to kill the accounts because we had relatively few (around 2,000) and knew when they were added.

    Now, say you have someone who bought a leased line and ordered it up deliberately for spam. You can't prove it beforehand, and some of the software out there makes it incredibly hard to find the true source. You have to catch them in the act most of the time. And the best you can HOPE to do is to do a shut on their interface. That's assuming you don't have a legal department that you MUST consult before disconnecting a customer for a contract violation (i.e., spamming) and who MUST sign off on the disconnect order - I had to deal with this before. In some of the larger shops, i.e., UUnet, AOL, etcetera, you have to go to your legal group and get them to sign off on a disconnect, then you have to go to your engineering department, who may or may not have to schedule it as a change management, who may or may not have to get their managers to write off on it, who may or may not have to go further up the chain. In other words, typical corporate bull will typically tie up a spam disconnect for over a week. It's the cold reality. If you disconnect a customer who WASN'T spamming, they can and likely WILL nail you for breach of contract on a leased line, and that could cost your company MILLIONS. Legal wants proof, engineering wants time and to be left alone, management just wants the mess out of their hair. Plus the overworked abuse departments do not help, as most complaints go there. Where I worked, we had a two person abuse department, who typically had a three week turnaround on initial reply.

    You have to take all these kind of things into account. I'm certainly not saying UUnet is doing a great job - they aren't - but they're doing the best they can. I'm not personally aware of any contracts UUnet has negotiated permitting spam, and they usually *do* disconnect a customer for spamming. Other providers are far worse. You can whine, scream, complain, and moan all you want, but spam is not going to go away overnight, and policies at these places don't get changed overnight, if at all. UUnet has their policies, as do most other providers, and the tech that ignores them and just unplugs that spammer is going to find himself out of work almost immediately.

    A lot of the posters definitely need a good dose of reality, because this is how it is. It's not just unplug the guy. Maybe the Mom & Pop ISPs have that luxury with dialups, but the other ones? Not a chance. So you're just going to have to live with it. Build your own filter lists, update them, etcetera, and quit whining about these companies being unable to stop it immediately. You want it fixed? You go get a job in management and fix it yourself. No amount of your screaming is going to change a thing.

    =RISCy Business, who doesn't give a damn what you think.
    your company here.

  5. "Broken Windows" approach to dealing with Spam by OnanTheBarbarian · · Score: 5

    Prevention is better than cure, in this case.

    This seems like an area where a faster, tougher response to spam would greatly reduce their problems with it. If UUnet were to have a working group that spanned the legal, sales and abuse departments that pretty much responded to spam within 12 hours (or some similar short time) and expedited dealing with it, sure, that would cost them a lot more money.

    On the other hand, they'd ultimately have less work to do; how many spammers would use the service if they knew that they'd get about 24 hours of use?

    A further twist would be placing some sort of brake on large amounts of outgoing mail - perhaps every 10 complaints received reduces the # of messages per hour by 10% that UUnet will handle from these people (or further, artificially choking off the bandwidth of outgoing packets that are directed at port 25 - although that might be infeasible technically). If it turns out the complaints are not well-founded, then the brake could be removed.

    Of course, if the ISPs are colluding with the spammers, there's not a whole lot one can do.
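The complaint-driven brake proposed in the comment above, sketched as an added example (not part of the original post, and not any ISP's actual system). It assumes each full block of 10 open complaints compounds a 10% cut and that complaints found unfounded stop counting; the class and method names are hypothetical.

```python
from collections import deque

WINDOW = 3600  # seconds; the proposal is stated in messages per hour


class ComplaintBrake:
    """Outbound-mail brake for one customer, driven by abuse complaints."""

    def __init__(self, base_per_hour, step=10, cut_pct=10):
        self.base_per_hour = base_per_hour
        self.step = step         # complaints needed for one brake step
        self.cut_pct = cut_pct   # percent removed from the limit per step
        self.complaints = {}     # complaint id -> "open" or "dismissed"
        self.accepted = deque()  # timestamps of messages accepted in the window

    def file_complaint(self, complaint_id):
        # A new complaint counts immediately; review happens later.
        self.complaints.setdefault(complaint_id, "open")

    def dismiss(self, complaint_id):
        # Abuse desk found the complaint unfounded: release its share of the brake.
        if complaint_id in self.complaints:
            self.complaints[complaint_id] = "dismissed"

    def limit(self):
        active = sum(1 for s in self.complaints.values() if s == "open")
        limit = self.base_per_hour
        for _ in range(active // self.step):
            # Integer arithmetic avoids float drift (assumed: cuts compound).
            limit = limit * (100 - self.cut_pct) // 100
        return limit

    def allow(self, now):
        """Return True to accept a message at time `now` (seconds), else False
        so the caller can defer it with a temporary (4xx) SMTP reply."""
        while self.accepted and now - self.accepted[0] >= WINDOW:
            self.accepted.popleft()
        if len(self.accepted) < self.limit():
            self.accepted.append(now)
            return True
        return False
```

Deferring rather than rejecting over-limit mail means a legitimate bulk sender only sees delay while complaints are reviewed, which matches the comment's point that the brake can be lifted again.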

  6. Buying a Domain for Email by nachoworld · · Score: 5

    My solution to spam on my school account was simply telling friends that I won't accept any email from msn.com and then filter out the whole domain. So far this has worked wonders. Now I know why I have received so much mail originating from msn.com - I read in the linked article that msn is a UUnet partner and that it lacks port 25 filtering. I wish I didn't have to filter out a whole origin domain. I would just ditch the account, but my school refuses to send school-related email to another account.

    However the BEST way to go spam-free is to buy oneself a domain that has never been bought before. I have unlimited POP3 (within the space limits that my hoster provides) for myself and a few of my friends. I have been spam free on my domain email for just over 2 years now. Not one single one. It's worth the price of email hosting. Just make sure no one has ever had the domain before and let it go back up for sale. Another of my domains has spam associated with certain email addresses. Careless past owners and users! It was funny though seeing that the "kmoore" who previously had an email account has subscribed to various porn sites.

    ---
    I'm just an ordinary man with nothing to lose.
  7. Re:Spam and telemarketing... by mr · · Score: 5

    Why do people spam?

    The actual out-of-pocket cost is minimal to the spammer.

    What will stop spam?

    When the cost of spamming exceeds the benefit.

    With the present US legal system, how can the cost of spamming be increased? Lawsuits.

    How to do this?

    1) everyone who wants to feed the local ambulance chasers/people who like small claims actions/ppl who hate spammers have to be willing to buy create and sell debt so the others can buy that debt and then can take spammers to court.
    2) Software to act as auto-billing and clearing house for the mail analysis debt. (to make it easy for the spammed to help the local ppl to spammer to have the potential to make money)
    3) people willing to change their mailers to note that this system accepts mis-configured mail messages and bills for it.

    Spammer sends the mail to the host for analysis. Said target machine gets mail and sends 3 billing notices for $250. Then the $250 charge is placed into the 'database'. A local hater of spam/ambulance chaser buys the bad debt (unpaid $250) for a %age, or for $1-5. Local person drags spammer to small claims.

    As more people sign up, and more spammers get dragged to court, the economic benefit to spam swings. It becomes a case where spam can cost $250+ court costs per message, + time in small claims court. And, if the local plaintiffs know the scheduled court dates of others, they can arrange court dates one a day.

    A spammer getting hit $250+ a day, for 30+ days. Does this make spamming sound profitable?

    End effect? Spam moves to sites outside the legal reach of suing countries for products outside the reach of suing countries. And, well, if I had to block all mail from Russia or China to stop spam, I don't think I'd lose sleep :-)

    --
    If it was said on slashdot, it MUST be true!
  8. Hmmm.... by max99ted · · Score: 4
    The company spends about $10 million a year fighting spam. "We have a process in place, and we want to be fair to all our customers." Haight said he doesn't doubt that UUNet's technical staff works hard to fight spam, but he questions the company's priorities. "UUNet spends two or three million dollars a day upgrading their network. Spam is not costing them enough to clean up their mess." Other ISPs that spend money for excess capacity to handle the spam e-mail -- up to 40 percent of traffic -- bear the financial burden, a burden eventually passed on to consumers, he said.


    Maybe it's me but this paragraph sums it up nicely. UUNet spends (approx) half a billion dollars a year on network upgrades (5*52*2mil) and passes on these costs to ISPs that need the bandwidth to handle the onslaught of spam email coming down the pipe from companies that UUNet negotiates "pink contracts" with - all the while spending 10 million a year on spam cops to screw over the rest.

    Nice.

    --

    Please stop APK.. you're only hurting yourself.